From: Chris Snook <csnook@redhat.com>
To: Anand Jahagirdar <anandjigar@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Fork Bombing Patch
Date: Mon, 20 Aug 2007 10:42:47 -0400 [thread overview]
Message-ID: <46C9A867.6090509@redhat.com> (raw)
In-Reply-To: <25ae38200708200724sbce2749m7eb27565d7c84e5e@mail.gmail.com>
Anand Jahagirdar wrote:
> Hi
> As Per the Previous Discussion of my Patch,I think insted of using
> KERN_CRIT,it is better to lower the priority level to KERN_WARNING.
> thats why i used KERN_WARNING.it will warn administrator and its
> administrator responsibility to take whatever action he want to take.
>
> anand
Philosophically, I'm okay with the idea of a forkbomb meriting KERN_WARN
priority, but we should never have a printk that can be trivially triggered by
an unprivileged user that gets anything higher than KERN_INFO. If I'm an
attacker, and I want to do bad things without getting logged, the first thing I
do is launch a carefully-tuned forkbomb that doesn't bog down the system, just
triggers this message as often as the ratelimit will allow. Once /var/log is
full, I can do my nastiness. Administrators need to be able to protect against
that kind of thing without losing the ability to log KERN_WARN and higher
priority messages.
Also, I stand by my assertion that we should only be complaining if the hard
limit is also exceeded, since it's totally valid for an application to
self-constrain using soft limits. It may be uncommon, but the people who happen
to use whatever applications do this will be very unhappy when they update their
kernel and /var fills up from this spew.
-- Chris
next prev parent reply other threads:[~2007-08-20 14:42 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-16 6:24 Fork Bombing Patch Anand Jahagirdar
2007-08-16 7:40 ` Petr Tesarik
2007-08-17 7:19 ` Paul Jackson
2007-08-17 7:42 ` Petr Tesarik
2007-08-17 9:05 ` Paul Jackson
2007-08-16 11:19 ` Krzysztof Halasa
2007-08-16 11:27 ` Jan Engelhardt
2007-08-20 14:26 ` Anand Jahagirdar
2007-08-20 14:38 ` Jesper Juhl
2007-08-16 21:06 ` Chris Snook
2007-08-20 14:24 ` Anand Jahagirdar
2007-08-20 14:42 ` Chris Snook [this message]
2007-08-22 6:17 ` Anand Jahagirdar
2007-08-23 11:52 ` Krzysztof Halasa
2007-08-23 19:01 ` Chris Snook
2007-08-23 21:47 ` Krzysztof Halasa
[not found] ` <7b9198260708231737t33923ec6yde48bb1338a6fa70@mail.gmail.com>
2007-08-24 0:37 ` Tom Spink
2007-08-29 9:48 ` Anand Jahagirdar
2007-08-29 11:29 ` Simon Arlott
2007-08-29 11:54 ` Anand Jahagirdar
2007-08-29 13:49 ` Chris Snook
2007-09-02 8:52 ` Kyle Moffett
[not found] ` <25ae38200806180502i4d78e240l210b261f05f10507@mail.gmail.com>
[not found] ` <25ae38200806180505m61d51440ma5754fa817dfbc0b@mail.gmail.com>
2008-06-18 13:39 ` Chris Snook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46C9A867.6090509@redhat.com \
--to=csnook@redhat.com \
--cc=anandjigar@gmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.